| --- Log opened Wed Jan 03 00:00:21 2018 |
| 00:18 | | Vornotron [Vorn@Nightstar-1l3nul.res.rr.com] has quit [Operation timed out] |
| 01:31 | | celticminstrel [celticminst@Nightstar-m9434e.dsl.bell.ca] has joined #code |
| 01:31 | | mode/#code [+o celticminstrel] by ChanServ |
| 02:52 | | Jessikat [Jessikat@Nightstar-our0up.cpe.teksavvy.com] has joined #code |
| 04:36 | <@himi> | http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table |
| 04:37 | <&McMartin> | The followup post is grimly amusing as well. |
| 04:39 | <&[R]> | McM posted that two days ago |
| 04:45 | <@himi> | I missed it |
| 04:45 | <@himi> | McMartin: URL for the followup? |
| 04:49 | < Mahal> | followup is linked from original. |
| 04:51 | <@himi> | Yeah, found it |
| 04:56 | | celticminstrel [celticminst@Nightstar-m9434e.dsl.bell.ca] has quit [[NS] Quit: KABOOM! It seems that I have exploded. Please wait while I reinstall the universe.] |
| 05:00 | | Derakon is now known as Derakon[AFK] |
| 05:07 | | Vornicus [Vorn@Nightstar-1l3nul.res.rr.com] has joined #code |
| 05:07 | | mode/#code [+qo Vornicus Vornicus] by ChanServ |
| 06:43 | | Vornlicious [Vorn@Nightstar-vn465g.sub-174-210-8.myvzw.com] has joined #code |
| 06:46 | | Vorntastic [Vorn@Nightstar-1l3nul.res.rr.com] has quit [Ping timeout: 121 seconds] |
| 07:48 | | Alek [Alek@Nightstar-7or629.il.comcast.net] has quit [Ping timeout: 121 seconds] |
| 07:52 | | Alek [Alek@Nightstar-7or629.il.comcast.net] has joined #code |
| 07:52 | | mode/#code [+o Alek] by ChanServ |
| 08:36 | | Vornlicious [Vorn@Nightstar-vn465g.sub-174-210-8.myvzw.com] has quit [Ping timeout: 121 seconds] |
| 08:53 | | Vorntastic [Vorn@Nightstar-vn465g.sub-174-210-8.myvzw.com] has joined #code |
| 09:05 | | Vornicus [Vorn@Nightstar-1l3nul.res.rr.com] has quit [Ping timeout: 121 seconds] |
| 09:18 | | Vorntastic [Vorn@Nightstar-vn465g.sub-174-210-8.myvzw.com] has quit [Ping timeout: 121 seconds] |
| 09:33 | | Vorntastic [Vorn@Nightstar-vn465g.sub-174-210-8.myvzw.com] has joined #code |
| 11:51 | | Kindamoody[zZz] is now known as Kindamoody |
| 12:12 | | Kindamoody is now known as Kindamoody|afk |
| 12:25 | | Namegduf [namegduf@Nightstar-88jb61.dyn.plus.net] has quit [Ping timeout: 121 seconds] |
| 13:22 | < Jessikat> | https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/ |
| 13:35 | | Jessikat` [Jessikat@Nightstar-our0up.cpe.teksavvy.com] has joined #code |
| 13:35 | | Jessikat [Jessikat@Nightstar-our0up.cpe.teksavvy.com] has quit [Connection closed] |
| 13:46 | <@TheWatcher> | Jessikat`: see also http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table from McM a couple of days ago. This one's going to be a real clusterfuck >.< |
| 13:48 | <&McMartin> | Embargo apparently is lifted tomorrow |
| 13:48 | <&McMartin> | Should be fun times |
| 13:48 | <&McMartin> | (The Register article is better sourced) |
| 14:03 | < Vorntastic> | This is the crazy baddest |
| 14:03 | < Jessikat`> | Heh |
| 14:17 | | Jessikat` [Jessikat@Nightstar-our0up.cpe.teksavvy.com] has quit [Connection closed] |
| 14:17 | | Jessikat [Jessikat@Nightstar-our0up.cpe.teksavvy.com] has joined #code |
| 14:18 | <@TheWatcher> | It could be worse |
| 14:18 | <@TheWatcher> | It could set us on fire. |
| 14:32 | | Namegduf [namegduf@Nightstar-08u.5uh.185.31.IP] has joined #code |
| 14:32 | | mode/#code [+o Namegduf] by ChanServ |
| 14:46 | < Vorntastic> | That is true, it could be an hcf |
| 15:02 | | Jessikat [Jessikat@Nightstar-our0up.cpe.teksavvy.com] has quit [Ping timeout: 121 seconds] |
| 15:21 | | Degi [Degi@Nightstar-88rhip.dyn.telefonica.de] has joined #code |
| 15:24 | <&[R]> | So glad I'm in bed with AMD now |
| 15:28 | <@TheWatcher> | I'd second that, except I'd half fear some cockup from AMD coming to light~ |
| 15:28 | <&[R]> | Aye |
| 15:29 | <&[R]> | All my Intel CPUs are pretty slow already TBH |
| 15:29 | <&[R]> | So this isn't going to be a fun patch to apply |
| 15:30 | <&[R]> | (I think I have 5/19) |
| 15:34 | < Vorntastic> | Saw a thing, might have been here, where it was mentioned that if it goes back as far as described there hasn't been a bug-free Intel processor since the 486 |
| 15:35 | < Vorntastic> | What with f00f and the division bug and some other fool thing that I don't remember |
| 15:38 | <@Tamber> | Hooray complexity~ |
| 15:38 | <@Tamber> | (Delicious, delicious complexity...) |
| 16:07 | | Vornicus [Vorn@Nightstar-1l3nul.res.rr.com] has joined #code |
| 16:07 | | mode/#code [+qo Vornicus Vornicus] by ChanServ |
| 16:20 | | Kindamoody|afk is now known as Kindamoody |
| 17:14 | | Emmy [Emmy@Nightstar-9p7hb1.direct-adsl.nl] has joined #code |
| 17:23 | <&[R]> | https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/ <-- more of that thing |
| 17:28 | <~Vornicus> | the block diagram there finally explains to me a difference between the various levels of cache |
| 17:39 | <&[R]> | Always nice to learn something |
| 17:40 | <&[R]> | It boggles my mind that someone could attack the CPU itself |
| 17:40 | <&[R]> | I mean, I started to get that impression when they started attacking IME |
| 17:40 | <&[R]> | But this is a whole other level of crazy |
| 17:41 | <&[R]> | (The IME attack in question was locally run code that did /not/ hit the network.) |
| 17:47 | <&[R]> | <numbdewd> this guy looks sly too,, doesn't he :P https://www.fool.com/investing/2017/12/19/intels-ceo-just-sold-a-lot-of-stock.aspx .. (frmo #Openbsd just now - thatlink i mean) <-- also that |
| 18:20 | <@Tamber> | https://twitter.com/brainsmoke/status/948561799875502080 |
| 19:25 | < Vorntastic> | Hot dang |
| 20:28 | | Vorntastic [Vorn@Nightstar-vn465g.sub-174-210-8.myvzw.com] has quit [[NS] Quit: Bye] |
| 20:28 | | Vorntastic [Vorn@Nightstar-1l3nul.res.rr.com] has joined #code |
| 20:28 | | Vornicus [Vorn@Nightstar-1l3nul.res.rr.com] has quit [Ping timeout: 121 seconds] |
| 20:29 | <&McMartin> | Sometimes people wonder why I'd retrocode in assembly language for fun |
| 20:29 | <&McMartin> | Some of the answer is days like today, where one does in fact recognize the value in a CPU made of only 4,000 transistors. |
| 20:32 | <&McMartin> | Well, OK. 5000. But 1000 of them are functionally just resistors. |
| 20:38 | <@gnolam> | :) |
| 20:42 | <&[R]> | https://newsroom.intel.com/news/intel-responds-to-security-research-findings/ |
| 20:43 | <&[R]> | "we haven't fucked up, and our CEO selling stock means absolutely nothing. Move along, move along." |
| 20:43 | <@TheWatcher> | "Intel believes its products are the most secure in the world" It's good to have beliefs. They say it's better for your mental health. |
| 20:44 | <&[R]> | Ha |
| 20:44 | <@TheWatcher> | Also, I'm glad it's not a "bug" or a "flaw", but is instead an "issue". |
| 20:44 | <@TheWatcher> | Comforting, that. |
| 20:45 | <&McMartin> | To be fair, barely half the things on my "buglist" are actually classified as "bugs" |
| 20:45 | <&McMartin> | https://www.reddit.com/r/pcmasterrace/comments/7nthay/a_quick_summary_of_the_current_intel_cpu_bug/ |
| 20:47 | <&[R]> | "The issue impacts all modern Intel CPUs. (Edit: It's been confirmed that the latest unaffected CPU is the original Pentium.)" |
| 20:47 | <&McMartin> | I'm seeing claims that it allows system takeover but so far all actual explanations of how it works only let you *read* kernel memory |
| 20:47 | <&McMartin> | Which lets you defeat ASLR if you have already otherwise compromised the system |
| 20:48 | <@Tamber> | one part of a chain of exploits |
| 20:49 | <&McMartin> | Yeah, unless terminology has changed since I was actually explicitly learning stuff, you don't name the severity of the exploit by the severity of the most powerful chain of attacks that contains it, you name the chain that |
| 20:49 | <&[R]> | The chain that what? |
| 20:50 | <&McMartin> | "that" is a noun there, not a preposition |
| 20:50 | <&McMartin> | If you have an exploit that defeats ALSR, and another exploit that is a privilege escalation |
| 20:50 | <&McMartin> | And then you have an attack that uses both |
| 20:51 | <&McMartin> | Then ALSR defeats #2, is defeated by #1, but an ALSR-defended system is only "taken over" by #3. |
| 20:52 | <&McMartin> | In particular, that "negative result" link a few screens back seems to tell us that you can't *write* kernel memory from user code with this. |
| 22:11 | <&[R]> | https://github.com/xoreaxeaxeax/movfuscator |
| 22:11 | | Emmy [Emmy@Nightstar-9p7hb1.direct-adsl.nl] has quit [Ping timeout: 121 seconds] |
| 22:30 | <&McMartin> | I suppose xor eax, eax, eax is a slightly obfuscated mov |
| 22:53 | | Vornicus [Vorn@Nightstar-1l3nul.res.rr.com] has joined #code |
| 22:53 | | mode/#code [+qo Vornicus Vornicus] by ChanServ |
| 23:10 | <&McMartin> | Hey, here we go. https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html |
| 23:13 | | himi [sjjf@Nightstar-v37cpe.internode.on.net] has quit [Ping timeout: 121 seconds] |
| 23:19 | <&[R]> | https://meltdownattack.com/ |
| 23:27 | <&McMartin> | TheWatcher: re: "Issue" as opposed to "bug" or "flaw", ARM has an update out about this too that seems to suggest those are terms of art: |
| 23:27 | <&McMartin> | "However, this side-channel mechanism could enable someone to potentially extract some information that otherwise would not be accessible to software from processors that are performing as designed and not based on a flaw or bug." |
| 23:29 | <&[R]> | Almost sounds like "you discovered out 'acceptable tradeoff'" |
| 23:29 | <&[R]> | our* |
| 23:30 | <@TheWatcher> | Well. Next week, I could ask Steve Furber in person if that is the case~ |
| 23:30 | <&McMartin> | I can imagine 'flaw' might be restricted to something like 'manufacturing defect', which this clearly isn't~ |
| 23:31 | <&[R]> | The thing about name dropping, is the person listening has to know who that is :p |
| 23:31 | <@TheWatcher> | Principle designer of the ARM processor |
| 23:31 | <@TheWatcher> | *Principal |
| 23:31 | <&[R]> | Nifty |
| 23:31 | <@gnolam> | Aww. You got there before I could suggest "the inventor of the Furby". |
| 23:32 | | * [R] has 3 RPi 3s now |
| 23:32 | <@TheWatcher> | Snrk |
| 23:32 | <@TheWatcher> | That said, right about now I'm considering setting up as a furniture maker, or a watch maker, at this point. Less fucking craziness. |
| 23:33 | <&McMartin> | He's probably not the one at fault for RISC OS (and maybe Arthur's?) sprite palette layout |
| 23:33 | <&McMartin> | I want to ask *someone* about that. |
| 23:33 | <&McMartin> | The one where it's got noncontiguous color bits. |
| 23:34 | <&[R]> | IE colors were sorted by someone on LSD? |
| 23:34 | <&McMartin> | Not really |
| 23:34 | <&McMartin> | BBC BASIC resorted them to make some sense. |
| 23:35 | <&McMartin> | It had, broadly, 12-bit RGB color, but only 256 colors usable |
| 23:35 | | Degi_ [Degi@Nightstar-fp79ro.dyn.telefonica.de] has joined #code |
| 23:35 | <&McMartin> | So the rule was that the two lowest bits in RGB had to be the same (call it "black") |
| 23:35 | <&McMartin> | So you had COL which took a 0-63 value RRGGBB, more or less, and then a TINT that was the KK |
| 23:35 | <&McMartin> | That serialized something like RRGGBBKK, but only when doing BASIC-y things. |
| 23:36 | <&McMartin> | For the actual OS/GUI-level bitmap objects (aka, filetype "Sprite", used as icons and in-application graphics), it was... not |
| 23:36 | | * McMartin goes to dig that up again |
| 23:37 | <&McMartin> | OK, right, sorry, it was BBGGRR for the BASIC-y stuff, and also for the "draw graphics primitives" syscalls |
| 23:37 | <&McMartin> | But for the sprite bitmaps, it was BGGRBRKK. |
| 23:38 | | Degi [Degi@Nightstar-88rhip.dyn.telefonica.de] has quit [Ping timeout: 121 seconds] |
| 23:38 | <&McMartin> | (Still looks fine in the end, mind you. https://bumbershootsoft.files.wordpress.com/2017/07/riscos_17_target.png ) |
| 23:44 | <&McMartin> | The old RiscPC display didn't quite match what DOS VGA could, though, so the plasma effects look bad in RPCEmu |
| 23:45 | <&McMartin> | RISC OS Pi uses 24-bit color and handles it fine across the board. |
| --- Log closed Thu Jan 04 00:00:22 2018 |